[email protected]

Aliases: W32/Anel, Troj/AngelWin, WORM_ANEL.A, Worm/Anel, I-Worm/Angel
Variants: Email-Worm.Win32.Anel, I-Worm.Anel, Win32.HLLW.Rafie.40960, Backdoor:Win32/Rabiggs, Win32:Trojan-gen

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Fast
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 30 Oct 2002
Damage: Low

Characteristics: Written in the Visual Basic programming language, this mass-mailing worm uses the Microsoft Outlook address book to send a copy of itself to unsuspecting computer users. The [email protected] program attaches the file Checkwin.exe and convinces the recipient to launch the seemingly harmless file, which initiates the infection.

More details about [email protected]

An early sign that the [email protected] worm has executed is the creation of the file ReadThisPage.html in the root directory of the main hard drive. The worm also creates its main executable, Checkwin.exe, in the Windows directory in an attempt to hide it among legitimate EXE system files. The [email protected] program then harvests the contacts stored in the Windows Address Book and makes them potential targets of its infection. Previous infections have established that this malware uses "Hehehehtetetete" as the subject line. The message body contains something like "Hello Buddy , Check the Attachment And Have Fun With that, Yoohooo." in an attempt to look friendly and assure the recipient that the email was sent legitimately.
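The mail indicators described above (subject line, body phrase, attachment name) can be checked at a mail gateway or over an exported mailbox. The following is an added example, not part of the original write-up: the function names, the quarantine policy (attachment name plus at least one text indicator) and the two sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the description above.
SUBJECT = "hehehehtetetete"
ATTACHMENT = "checkwin.exe"
BODY_PHRASE = "check the attachment and have fun with that"

def _norm(text):
    """Lower-case and collapse whitespace so line wrapping does not hide a match."""
    return re.sub(r"\s+", " ", text or "").strip().lower()

def match_indicators(raw):
    """Return the set of indicator names found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = set()
    # policy.default decodes RFC 2047 encoded-word subjects before comparison.
    if _norm(str(msg["Subject"] or "")) == SUBJECT:
        hits.add("subject")
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:
            if _norm(name) == ATTACHMENT:  # Windows file names are case-insensitive
                hits.add("attachment")
        elif part.get_content_maintype() == "text":
            if BODY_PHRASE in _norm(part.get_content()):
                hits.add("body")
    return hits

def verdict(raw):
    """Assumed policy: attachment name plus one text indicator means quarantine."""
    hits = match_indicators(raw)
    if "attachment" in hits and len(hits) >= 2:
        return "quarantine"
    return "review" if hits else "pass"

def _sample(subject, body, attach_name=None):
    """Build a constructed test message (not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if attach_name:
        m.add_attachment(b"MZ placeholder", maintype="application",
                         subtype="octet-stream", filename=attach_name)
    return m.as_bytes()

WORM_LIKE = _sample("Hehehehtetetete",
                    "Hello Buddy , Check the Attachment And Have Fun With that, Yoohooo.",
                    "CHECKWIN.EXE")
BENIGN = _sample("Quarterly report", "See attached figures.", "report.pdf")
```

A single matching indicator only yields "review", since a subject line or file name on its own is easy to reproduce innocently.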

In the majority of infections associated with the [email protected] worm, the computer user remains unaware that his email account has been hijacked unless one of the recipients alerts him to the incident. These types of malware normally do not damage installed files, but they lower system security and stability, allowing more dangerous attacks on the already infected machine. Because the [email protected] program may extract files that are more deeply embedded in the system, manual removal may be time-consuming and impractical. A good alternative is a dependable antivirus application, provided it uses an updated definition file and detection engine.